Software assurance system for runtime environments
Abstract
An example method includes monitoring execution of one or more applications on a runtime computing system that includes a plurality of processing units, receiving, from the runtime computing system during execution of the applications, monitoring information that includes at least one of function call data or application programming interface call data associated with operations performed by the plurality of processing units during execution of the applications, importing the monitoring information into a risk model, analyzing the monitoring information within the risk model to determine one or more potential vulnerabilities and one or more impacts of the one or more vulnerabilities in the runtime computing system, and outputting, for display in a graphical user interface, a graphical representation of the one or more potential vulnerabilities and the one or more impacts within the risk model.
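A minimal sketch of the analysis step described in the abstract, as an added example (not code from the patent or its assignee): ordered API-call traces, as hooks would report them, are checked against expected call transitions and each unexpected transition is mapped to a risk-model entry. The trace contents, the `RISK_MODEL` entries, and all function names are constructed assumptions, and a text rendering stands in for the graphical output.

```python
from collections import namedtuple

Finding = namedtuple("Finding", "app position transition vulnerability impact")

# Constructed traces: ordered API calls as a hook would report them per application.
EXPECTED_TRACES = [
    ["open", "read", "parse_config", "close"],
    ["socket", "connect", "send", "recv", "close"],
]
OBSERVED = {
    "report_service": ["open", "read", "parse_config", "close"],
    "update_agent": ["socket", "connect", "recv", "mprotect", "execve"],
}
# Hypothetical risk-model nodes: call -> (potential vulnerability, potential impact).
RISK_MODEL = {
    "mprotect": ("memory made executable after network input", "code execution"),
    "execve": ("process launch outside expected flow", "loss of system integrity"),
}

def learn_transitions(traces):
    """Build the set of expected (previous_call, call) pairs, including the start."""
    allowed = set()
    for trace in traces:
        allowed.update(zip(["<start>"] + trace, trace))
    return allowed

def analyze(observed, allowed, risk_model):
    """Flag every call transition that the expected traces never produced."""
    findings = []
    for app, trace in observed.items():
        for i, pair in enumerate(zip(["<start>"] + trace, trace)):
            if pair in allowed:
                continue
            # Calls without a risk-model node are still reported, but unclassified.
            vuln, impact = risk_model.get(
                pair[1], ("unexpected call sequence", "unclassified"))
            findings.append(Finding(app, i, pair, vuln, impact))
    return findings

def render(findings):
    """Text stand-in for the graphical representation of findings and impacts."""
    return [f"{f.app}[{f.position}] {f.transition[0]} -> {f.transition[1]}: "
            f"{f.vulnerability} (impact: {f.impact})" for f in findings]

if __name__ == "__main__":
    allowed = learn_transitions(EXPECTED_TRACES)
    print("\n".join(render(analyze(OBSERVED, allowed, RISK_MODEL))))
```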
29 Claims
1. A method comprising:
monitoring, by an analysis computing system, execution of one or more applications on a runtime computing system, wherein the runtime computing system includes a plurality of processing units that perform one or more operations during execution of the one or more applications;
during execution of the one or more applications on the runtime computing system, receiving, by the analysis computing system and from the runtime computing system, monitoring information that includes at least one of function call data or application programming interface call data associated with the one or more operations performed by the plurality of processing units during execution of the one or more applications, wherein the at least one of the function call data or the application programming interface call data comprises at least one ordered sequence of a plurality of function calls or application programming interface calls that are each intercepted by at least one function hook or application programming interface hook during execution of the one or more applications on the runtime computing system;
importing, by the analysis computing system, the monitoring information into a risk model;
analyzing, by the analysis computing system, the monitoring information within the risk model to determine one or more potential vulnerabilities and one or more potential impacts of the one or more potential vulnerabilities in the runtime computing system, wherein the one or more potential vulnerabilities are associated with execution of the one or more applications on the runtime computing system, and wherein the one or more potential vulnerabilities are further associated with at least one unexpected call sequence or unexpected call stack associated with the at least one ordered sequence of the plurality of function calls or application programming interface calls; and
outputting, by the analysis computing system and for display in a graphical user interface, a graphical representation of the one or more potential vulnerabilities and the one or more potential impacts in the risk model.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A computing system, comprising:
one or more processors; and
a non-transitory computer-readable storage medium storing instructions that, when executed, cause the one or more processors to:
monitor execution of one or more applications on a runtime computing system, wherein the runtime computing system includes a plurality of processing units that perform one or more operations during execution of the one or more applications;
during execution of the one or more applications on the runtime computing system, receive, from the runtime computing system, monitoring information that includes at least one of function call data or application programming interface call data associated with the one or more operations performed by the plurality of processing units during execution of the one or more applications, wherein the at least one of the function call data or the application programming interface call data comprises at least one ordered sequence of a plurality of function calls or application programming interface calls that are each intercepted by at least one function hook or application programming interface hook during execution of the one or more applications on the runtime computing system;
import the monitoring information into a risk model;
analyze the monitoring information within the risk model to determine one or more potential vulnerabilities and one or more potential impacts of the one or more potential vulnerabilities in the runtime computing system, wherein the one or more potential vulnerabilities are associated with execution of the one or more applications on the runtime computing system, and wherein the one or more potential vulnerabilities are further associated with at least one unexpected call sequence or unexpected call stack associated with the at least one ordered sequence of the plurality of function calls or application programming interface calls; and
output, for display in a graphical user interface, a graphical representation of the one or more potential vulnerabilities and the one or more potential impacts within the risk model.
Dependent claims: 17, 18, 19, 20, 21, 22, 23
24. A non-transitory computer-readable storage medium storing instructions that, when executed, cause a computing system to perform operations comprising:
monitoring execution of one or more applications on a runtime computing system, wherein the runtime computing system includes a plurality of processing units that perform one or more operations during execution of the one or more applications;
during execution of the one or more applications on the runtime computing system, receiving, from the runtime computing system, monitoring information that includes at least one of function call data or application programming interface call data associated with the one or more operations performed by the plurality of processing units during execution of the one or more applications, wherein the at least one of the function call data or the application programming interface call data comprises at least one ordered sequence of a plurality of function calls or application programming interface calls that are each intercepted by at least one function hook or application programming interface hook during execution of the one or more applications on the runtime computing system;
importing the monitoring information into a risk model;
analyzing the monitoring information within the risk model to determine one or more potential vulnerabilities and one or more potential impacts of the one or more potential vulnerabilities in the runtime computing system, wherein the one or more potential vulnerabilities are associated with execution of the one or more applications on the runtime computing system, and wherein the one or more potential vulnerabilities are further associated with at least one unexpected call sequence or unexpected call stack associated with the at least one ordered sequence of the plurality of function calls or application programming interface calls; and
outputting, for display in a graphical user interface, a graphical representation of the one or more potential vulnerabilities and the one or more potential impacts within the risk model.
Dependent claims: 25, 26, 27, 28, 29
Specification